The year 2018 was the second most active year on record for data breaches, report says

Despite a slight dip in the total number of breaches it was still a banner year for hackers focused on stealing data from websites, according to a Risk based Security report.

Top 5 ways to maximize customer data securityCustomers are starting to get the message that their data is valuable. Tom Merritt offers five suggestions to ensure your customers' data isn't vulnerable to attack.

What, if anything, has changed?

The number of days it takes for an organization to report a breach has, on average, diverged little: In 2017 the aggregate was 48.6 days, and in 2018 it only ticked up by a single day to 49.6. That's still a vast improvement from previous years, however: In 2016 the average was over 60 days, in 2015 it was 70, and in 2014 it took most companies 90.9 days to report a breach.

The total number of breaches exposing over 100 million records was consistent as well: There were 12 breaches of that magnitude in 2018 and 13 in 2017. The majority of breaches exposed less than 10,000 records, and externally-originating hacking attacks were the most common source of breaches, the report added.

One change the report noted was in the type of attack that exposed the most records, with web-based breaches reclaiming the top spot from hacking attacks. Web breaches include improperly configured databases and other forms of attacks that take advantage of publicly exposed records.

As for who is most at risk for a breach, businesses located in the United States should take caution: The US was the target of 2,264 successful breaches last year, making it the leading country by an absurd margin, while the United Kingdom, at no. 2, only suffered 144 breaches.

The sectors being targeted for data breaches are led by three groups: Finance and insurance companies, health care organizations, and public administration/government entities. Those three sectors combined were the victims of of 43.4% of all data breaches.

How should businesses respond?

Yes, there was a slight dip in the number of data breaches from 2017 to 2018, and there was an even greater drop in the number of stolen records. That's really good news for businesses who have been stepping up their security practices and treating user records like the invaluable data they are.

Such a small decrease shouldn't make businesses complacent. The year 2018 is still the second most active year on record, and could surpass 2017 in short order.

Web-based attacks are also at their most popular, and they remain a serious security risk for lots of organizations. Take steps now to protect your company from data breaches—better to prevent a disaster than become a data breach statistic.

The big takeaways for tech leaders:

The number of data breaches in 2018 decreased by 3.2% from 2017, while the total number of records stolen decreased by 35.9% over the same time frame. — Risk Based Security

Web-based attacks, which rely on poorly configured security or exposed records, were the most popular way for attackers to steal data in 2018. — Risk Based Security

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays